james hughes wrote:
Hope I can help.
On Apr 3, 2007, at 9:49 AM, Darren J Moffat wrote:
Zhi Guan wrote:
The aim of the project is to build a cryptosystem with a USB token to
save
the keys. But current USB tokens on market do not support ECC (Elliptic
Curve Cryptography), which is needed in our project. So we buy a USB
token hardware and write our own firmware. But the firmware is
(maybe) not
compatible with current standards, and default driver maybe not work.
When you say USB token do you mean the small form factor combined
smartcard chip and reader ?
Yes. This is more than a smart card through a reader, it is a chip
embedded in a USB socket. The advantage is that the chip can be much
faster since it has a lot more power to use than a smartcard. The net
result is a 10x increase in clock rate. Anyway, this is a programmable
mechanism that can, from a software point of view, look like a smart
card, but from a hardware point of view much better. A sample vendor is
http://www.bestoken.com/
So you want to write a driver to talk to a hardware crypto device that
uses USB as its connectivity mechanism ?
Yes. The ultimate goal is to plumb the CPK crypto token as a crypto
engine to the crypto framework. His office is in the same area as the
existing USB driver writers in Beijing.
This sounds like the existing crypto project covers exactly this need
so I don't see why a new project is needed for this.
Yes, but I would add that the conversion of ssh to use the CPK algorithm
using the solaris crypto framework is also interesting.
So... Would this not be 2 projects?
1) adding the token as an engine to the crypto framework as a part of
http://opensolaris.org/os/project/crypto/
2) CPK as a crypto framework consumer (as Lofi and ZFS crypto are now).
Item 1) may not be grounds for a new project and could merge with the
crypto framework project, but I would expect that item 2) is. worthy of
it's own project.
I'd agree with that.
We are a long way from integration.
His first step is to get his existing self contained user level code
working, OK.
Second step is to get it using the existing crypto framework, OK.
Third step, get the USB token as a crypto provider. Sounds like an
acceptable plan to me...
So where does this leave us with what is needed in terms of the needs
for project hosting on opensolaris.org - which is basically a webpage,
mailing list and source repository ?
--
Darren J Moffat
_______________________________________________
opensolaris-discuss mailing list
[email protected]
